Email Error Impacts 6,500 Saliba’s Extended Care Pharmacy Patients

Saliba’s Extended Care Pharmacy in Phoenix, Arizona is alerting more than 6,500 patients to an accidental disclosure of some of their protected health information (PHI).

Copies of invoices for December 2016 were sent via Saliba’s Pharmacy’s encrypted email platform to the wrong patients in January. While there is no chance that the emails could have been intercepted by unauthorized individuals, the emails were opened by three patients or their representatives. The incident occurred on January 12, 2017, and Saliba’s Pharmacy discovered the error four days later on January 16.

Since HIPAA Rules and patient privacy were accidentally violated, breach notification letters were sent to patients on March 3 to alert them to the incident. Patients have been advised to exercise caution and check their explanation of benefits statements and Saliba’s Pharmacy statements for signs of misuse. However, no reports of any misuse of the information have been received by Saliba’s Pharmacy and the risk of PHI misuse as a result of this impermissible disclosure is believed to be very low.

Patients affected by the incident have been told that the information disclosed was limited to names, addresses, and account balances. Some patients also had descriptions and amounts of over-the-counter medications and other pharmacy items detailed in the invoices. The invoices did not contain highly sensitive PHI such as Social Security numbers, health insurance information or financial information.

President of Saliba’s Pharmacy, John Saliba, issued a statement saying privacy breaches such as this are treated very seriously. The employee who made the error has been terminated and additional training has been provided to staff members. Policies and procedures at the pharmacy have also been updated to prevent similar incidents from occurring in the future and to ensure the protected health information of patients is better protected.

According to the breach report submitted to the Department of Health and Human Services’ Office for Civil Rights, 6,599 patients were impacted by this incident.

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

HIPAA

Compliance

Guide

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.